Progent's Ransomware Forensics Analysis and Reporting in St. Louis
Progent's ransomware forensics experts can preserve the system state after a ransomware attack and perform a comprehensive forensics investigation without impeding activity related to business continuity and data restoration. Your St. Louis business can use Progent's post-attack forensics report to block future ransomware attacks, validate the recovery of encrypted data, and comply with insurance and governmental mandates.
A ransomware forensics investigation involves determining and describing the ransomware assault's progress across the targeted network from beginning to end. This history of how a ransomware assault travelled within the network helps your IT staff evaluate the impact and highlights weaknesses in security policies or processes that need to be rectified to avoid future breaches. Forensic analysis is typically assigned a top priority by the cyber insurance carrier and is typically required by government and industry regulations. Because forensic analysis can take time, it is vital that other important recovery processes like operational continuity are pursued in parallel. Progent has an extensive roster of information technology and security experts with the knowledge and experience needed to perform activities for containment, business continuity, and data recovery without disrupting forensic analysis.
Ransomware forensics is complicated and requires close interaction with the groups assigned to file restoration and, if necessary, settlement negotiation with the ransomware attacker. Ransomware forensics typically requires reviewing logs, the registry, Group Policy Objects, Active Directory, DNS, routers, firewalls, scheduled tasks, and core Windows systems to check for changes.
Activities associated with forensics include:
- Isolate all potentially impacted devices from the network without shutting them down. This may involve closing all RDP ports and Internet-facing NAS storage, changing admin credentials and user passwords, and implementing 2FA to guard your backups.
- Capture forensically complete duplicates of all suspect devices so the data restoration team can proceed
- Save firewall, VPN, and other critical logs as soon as possible
- Identify the variety of ransomware used in the attack
- Inspect every machine and storage device on the system as well as cloud-hosted storage for signs of compromise
- Catalog all compromised devices
- Determine the type of ransomware involved in the attack
- Review logs and sessions to determine the timeline of the ransomware attack and to spot any possible lateral movement from the originally compromised system
- Identify the security gaps exploited to carry out the ransomware assault
- Search for the creation of executables associated with the original encrypted files or system compromise
- Parse Outlook web archives
- Examine email attachments
- Extract any URLs embedded in messages and check to see if they are malicious
- Provide extensive incident reporting to satisfy your insurance carrier and compliance requirements
- Suggest recommended improvements to close cybersecurity vulnerabilities and enforce processes that lower the risk of a future ransomware breach
Progent has delivered online and on-premises network services throughout the United States for over 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts includes professionals who have been awarded advanced certifications in foundation technologies such as Cisco networking, VMware, and major distributions of Linux. Progent's data security consultants have earned internationally recognized certifications such as CISM, CISSP-ISSAP, and CRISC. (Refer to Progent's certifications). Progent also offers guidance in financial management and Enterprise Resource Planning software. This broad array of expertise allows Progent to salvage and consolidate the surviving parts of your network following a ransomware assault and reconstruct them rapidly into a viable system. Progent has collaborated with top insurance providers including Chubb to help businesses recover from ransomware assaults.
Contact Progent about Ransomware Forensics Investigation Expertise in St. Louis
To find out more about how Progent can assist your St. Louis organization with ransomware forensics analysis, call 1-800-462-8800 or see Contact Progent.